Help analyzing a piece of PHP code

Time: 2021-07-01 10:21:17 Read by: 23

<code><?php
@session_start(); // Start a new Session, if not already created (tracking later?)
@set_time_limit(0); // May run long at times, remove time limits on script execution time
$sess = session_id(); // Current Session ID, use tbd...
if($_SESSION['authenticated'] != true) {
  header("Location: /sqlmap/admin/login.php");
  exit; // Stop here, otherwise the rest of the page still runs for unauthenticated visitors
}
// Establish Admin ID to manage tasks
if((isset($_POST['myAdminID'])) && (strlen(trim($_POST['myAdminID'])) == 32)) {
  $_SESSION['myAdminID'] = trim($_POST['myAdminID']);
}
include("../inc/config.php");
include("../inc/SQLMAPClientAPI.class.php");
$salt = "!SQL!"; // Salt for form token hash generation
$token = sha1(mt_rand(1, 1000000) . $salt); // Generate CSRF Token Hash
$_SESSION['token'] = $token; // Set CSRF Token for Form Submit Verification
$taskConfig = array();
if(isset($_SESSION['myAdminID'])) {
  $sqlmap = new SQLMAPClientAPI();
  if((isset($_GET['task'])) && (trim($_GET['task']) != "")) {
    $actionTaskId = trim($_GET['task']);
    if(isset($_GET['action'])) {
      switch(trim($_GET['action'])) {
        case "conf": // Show Config for specified Task ID
          $taskConfig = $sqlmap->listOptions($actionTaskId); // We will actually store it for use in a second...
          break;
        case "stop": // Stop a specified running Task ID
          $sqlmap->stopScan($actionTaskId);
          break;
        case "kill": // Forcefully Kill a specified running Task ID
          $sqlmap->killScan($actionTaskId);
          break;
        case "del": // Delete a specified running Task ID
          $sqlmap->deleteTaskID($actionTaskId);
          break;
        default: // Do Nothing if nothing is specified...
          break;
      }
    }
  }
}
?>
<title id="ttl">SQLMAP Web GUI - Admin Panel</title>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<br>
<?php
/*
  Need ability to set Admin level taskID
  Need ability to change during session if desired (reboot/restarts)
  Admin Functionality Needed:
    List all available tasks
    List Configuration Options for Task by Task ID
    Stop scan by Task ID
    Kill scan by task ID
    Delete task by task ID
    Delete ALL tasks
*/
echo "<h1 align=\"center\">SQLMAP Web GUI - Admin Panel</h1>";
if(isset($_SESSION['myAdminID'])) {
  $taskList = $sqlmap->adminListTasks(trim($_SESSION['myAdminID']));
  if(!$taskList) {
?>
<br>
[WARNING] '<?php echo htmlentities(trim($_SESSION['myAdminID']), ENT_QUOTES, 'UTF-8'); ?>' - Appears to be an Invalid Admin ID!<br>
<br>
<?php
  } else {
?>
<br>
<h4>
<b>Admin ID:</b> <?php echo htmlentities(trim($_SESSION['myAdminID']), ENT_QUOTES, 'UTF-8'); ?><br>
<b>Total Number of Known Tasks:</b> <?php echo htmlentities($taskList['tasks_num'], ENT_QUOTES, 'UTF-8'); ?><br>
</h4>
<br><br>
<?php
    if((isset($_GET['task'])) && (isset($_GET['action'])) && (trim($_GET['action']) == "conf")) {
      echo '<br /><br />';
      echo '<label for="results_textarea">ScanID: ' . htmlentities(trim($_GET['task']), ENT_QUOTES, 'UTF-8') . ', API Scan Configuration</label>';
      echo '<textarea class="form-control" id="task_configuration_textarea" rows="20">';
      echo "[*] API Scan Configuration:\n";
      // print_r(..., true) returns the dump as a string so the whole dump can be escaped
      echo htmlentities(print_r($sqlmap->listOptions(trim($_GET['task']))['options'], true), ENT_QUOTES, 'UTF-8');
      echo '</textarea><br>';
    } else {
?>
<table class="table table-hover" id="adminTasksDisplayTable">
<thead>
<tr>
<th>TaskID</th>
<th>Target</th>
<th>Status</th>
<th colspan="5">Options</th>
</tr>
</thead>
<tbody>
<?php
      foreach($taskList['tasks'] as $t) {
        $status = $sqlmap->checkScanStatus($t);
        $taskConfig = $sqlmap->listOptions($t);
        echo "<tr>";
        echo "<td>" . htmlentities($t, ENT_QUOTES, 'UTF-8') . "</td>";
        if(sizeof($taskConfig) > 0) {
          $targetHost = parse_url($taskConfig['options']['url'], PHP_URL_HOST);
          echo "<td>" . htmlentities($targetHost, ENT_QUOTES, 'UTF-8') . "</td>";
        } else {
          echo "<td> - </td>";
        }
        if(isset($status['status'])) {
          echo "<td>" . htmlentities($status['status'], ENT_QUOTES, 'UTF-8') . "</td>";
        } else {
          echo "<td> - </td>";
        }
        echo "<td> Conf </td>";
        if($status['status'] == 'running') {
          echo "<td> Stop </td>";
          echo "<td> Kill </td>";
        } else {
          echo "<td> - </td>";
          echo "<td> - </td>";
        }
        echo "<td> Del </td>";
        echo "</tr>";
      }
?>
</tbody>
</table>
<?php } ?>
<?php
  }
} else {
?>
<br>
[WARNING] NO Admin ID Set!<br>
<br>
<?php
}
?>
<br><br><br>
Logout<br>
Want to learn more about SQLMAP, Visit the Project Page!<br>
SQLMAP Web Operator Copyright © 2015, Coded By: HR, All rights reserved.<br>
<br><br>
</code>

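This is the code of the admin panel's login landing page (index.php). The username and password are hard-coded in config.php as admin, admin. After logging in to the admin panel, it now shows [WARNING] NO Admin ID Set! and then asks me to enter a ciphertext token. The token ciphertext appears to be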

<code>$salt = "!SQL!"; // Salt for form token hash generation
$token = sha1(mt_rand(1, 1000000) . $salt); // Generate CSRF Token Hash
$_SESSION['token'] = $token; // Set CSRF Token for Form Submit Verification</code>

which is 1-1000000 plus the SALT, sha1-encrypted. Then, in

<code>[WARNING] NO Admin ID Set!<br>
<form class="form-horizontal" role="form" id="myAdminID" action="/sqlmap/admin/index.php" method="POST">
<input type="hidden" name="token" value="<?php echo $token; ?>">
</form></code>

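I saw the statement that outputs the token. After viewing the page source in the front end, I entered the ciphertext, but it still doesn't work. Please help: how can I get past this? Thanks!!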

You pass myAdminID via POST, but the question is: how is the myAdminID you type in yourself supposed to be generated?

That token is there to prevent CSRF; it is not used to generate myAdminID. As for how myAdminID should be generated, you should look at this code:

<code>$sqlmap->adminListTasks(trim($_SESSION['myAdminID']));</code>
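The answer above separates the two fields: `token` guards the form against CSRF, while `myAdminID` is a different value. As an added example (not code from the original post or from the SQLMAP Web GUI project), the code below shows that separation in a POST handler that issues the token from a CSPRNG and checks it before storing `myAdminID`; the function names are hypothetical, and plain arrays stand in for `$_SESSION` and `$_POST`.

```php
<?php
// Added example, not from the SQLMAP Web GUI code base; function names are hypothetical.

// Issue the token from the CSPRNG instead of sha1(mt_rand(1, 1000000) . $salt),
// which can only ever take one million distinct values.
function issue_csrf_token(array &$session): string
{
    $session['token'] = bin2hex(random_bytes(32));
    return $session['token'];
}

// Compare the submitted hidden field with the session copy in constant time.
function csrf_token_is_valid(array $session, array $post): bool
{
    return isset($session['token'], $post['token'])
        && is_string($post['token'])
        && hash_equals($session['token'], $post['token']);
}

// Store myAdminID only when the form token checks out.
// The length rule (32 characters) is the one used on the page.
function handle_admin_id_post(array &$session, array $post): bool
{
    if (!csrf_token_is_valid($session, $post)) {
        return false;
    }
    $adminId = isset($post['myAdminID']) && is_string($post['myAdminID'])
        ? trim($post['myAdminID'])
        : '';
    if (strlen($adminId) !== 32) {
        return false;
    }
    $session['myAdminID'] = $adminId;
    return true;
}

// Constructed demo data standing in for $_SESSION and $_POST.
$session = [];
$token   = issue_csrf_token($session);               // value rendered into the hidden field
$forged  = ['token' => 'guess', 'myAdminID' => str_repeat('a', 32)];
$genuine = ['token' => $token,  'myAdminID' => str_repeat('a', 32)];

var_dump(handle_admin_id_post($session, $forged));   // token mismatch, nothing stored
var_dump(handle_admin_id_post($session, $genuine));  // token matches, myAdminID stored
issue_csrf_token($session);                          // rotate only after the check has run
```

The page's index.php overwrites `$_SESSION['token']` on every request and never compares it with the submitted field, so any check has to run before the token is regenerated.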
